VPP-716: IKEv2 responder fails to authenticate initiator 77/6477/3
authorMatthew Smith <mgsmith@netgate.com>
Wed, 26 Apr 2017 20:42:39 +0000 (15:42 -0500)
committerDamjan Marion <dmarion.lists@gmail.com>
Thu, 27 Apr 2017 12:54:09 +0000 (12:54 +0000)
Fix handling of IDi and IDr when processing payloads in ikev2_process_auth_req

Change-Id: If0d4441dc89f08f3753f38987406c002d43558ec
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
src/vnet/ipsec/ikev2.c

index 3f9978a..296654e 100644 (file)
@@ -875,25 +875,26 @@ ikev2_process_auth_req (vlib_main_t * vm, ikev2_sa_t * sa, ike_header_t * ike)
              first_child_sa->i_proposals = ikev2_parse_sa_payload (ikep);
            }
        }
-      else if (payload == IKEV2_PAYLOAD_IDI || payload == IKEV2_PAYLOAD_IDR)   /* 35, 36 */
+      else if (payload == IKEV2_PAYLOAD_IDI)   /* 35 */
        {
          ike_id_payload_header_t *id = (ike_id_payload_header_t *) ikep;
 
-         if (sa->is_initiator)
-           {
-             sa->r_id.type = id->id_type;
-             vec_free (sa->r_id.data);
-             vec_add (sa->r_id.data, id->payload, plen - sizeof (*id));
-           }
-         else
-           {
-             sa->i_id.type = id->id_type;
-             vec_free (sa->i_id.data);
-             vec_add (sa->i_id.data, id->payload, plen - sizeof (*id));
-           }
+         sa->i_id.type = id->id_type;
+         vec_free (sa->i_id.data);
+         vec_add (sa->i_id.data, id->payload, plen - sizeof (*id));
+
+         clib_warning ("received payload IDi, len %u id_type %u",
+                       plen - sizeof (*id), id->id_type);
+       }
+      else if (payload == IKEV2_PAYLOAD_IDR)   /* 36 */
+       {
+         ike_id_payload_header_t *id = (ike_id_payload_header_t *) ikep;
+
+         sa->r_id.type = id->id_type;
+         vec_free (sa->r_id.data);
+         vec_add (sa->r_id.data, id->payload, plen - sizeof (*id));
 
-         clib_warning ("received payload %s, len %u id_type %u",
-                       (payload == IKEV2_PAYLOAD_IDI ? "IDi" : "IDr"),
+         clib_warning ("received payload IDr len %u id_type %u",
                        plen - sizeof (*id), id->id_type);
        }
       else if (payload == IKEV2_PAYLOAD_AUTH)  /* 39 */
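Review bot: Both new branches pass `plen - sizeof (*id)` to `vec_add` with no visible check that `plen` is at least `sizeof (*id)`. Because `sizeof` makes the expression unsigned, an ID payload whose peer-supplied length field is too short would wrap the count to a very large value, and the copy into `sa->i_id.data` / `sa->r_id.data` would read well past the received payload. Unless `plen` is already validated where it is set (that code is outside this hunk), each branch should start with a guard such as `if (plen < sizeof (*id))` that takes the function's existing error path before the `vec_free`/`vec_add` pair. The same `size_t`-typed expression is logged with `%u` in both `clib_warning` calls; casting it, `(u32) (plen - sizeof (*id))`, keeps the argument matching the format. `ikev2_process_auth_req` begins and ends outside the hunk.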